[Congressional Bills 109th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5783 Introduced in House (IH)]








109th CONGRESS
  2d Session
                                H. R. 5783

   To amend title 38, United States Code, to improve the security of 
  sensitive personal data processed or maintained by the Secretary of 
                           Veterans Affairs.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             July 13, 2006

 Mr. Bilbray introduced the following bill; which was referred to the 
                     Committee on Veterans' Affairs

_______________________________________________________________________

                                 A BILL


 
   To amend title 38, United States Code, to improve the security of 
  sensitive personal data processed or maintained by the Secretary of 
                           Veterans Affairs.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Comprehensive Credit Services for 
Veterans Act of 2006''.

SEC. 2. SECURITY OF SENSITIVE PERSONAL DATA PROCESSED OR MAINTAINED BY 
              THE SECRETARY OF VETERANS AFFAIRS.

    (a) Data Security.--Subchapter I of chapter 57 of title 38, United 
States Code, is amended by adding at the end the following new section:
``Sec. 5706. Security of sensitive personal data
    ``(a) Comprehensive Credit Services.--In the event of a data breach 
with respect to data processed or maintained by the Secretary, the 
Secretary shall provide comprehensive credit services to an individual 
whose sensitive personal data is potentially compromised as a result of 
the data breach upon the request of the individual. Comprehensive 
credit services under this subsection shall include each of the 
following:
            ``(1) Credit reporting and monitoring services for not less 
        than 12 months beginning on the date on which the Secretary 
        notifies the individual of the data breach.
            ``(2) Credit alerts and security freezes.
            ``(3) Identity theft insurance in a coverage amount that 
        does exceed $30,000 in aggregate liability for the insured.
            ``(4) Fraud resolution services designed to assist the 
        individual in recovering and rehabilitating the individual's 
        credit in the event of identity theft or fraud.
            ``(5) Any other service that the Secretary determines is 
        appropriate.
    ``(b) Notification of Data Breach.--The Secretary shall notify any 
individual whose sensitive personal data is compromised as a result of 
a data breach with respect to data processed or maintained by the 
Department. Upon assessment of the personal impact of the security 
breach, each individual whose personal information was compromised 
shall be notified as promptly as possible. Such notification shall 
include a description of the comprehensive credit services available 
under this section and instructions for requesting such services.
    ``(c) Authority to Contract for Services.--The Secretary shall 
enter into such agreements and contracts as may be necessary to provide 
the comprehensive credit services under subsection (a).
    ``(d) Definitions.--For the purposes of this section:
            ``(1) The term `data breach' means the loss, theft, or 
        other unauthorized access to data containing sensitive personal 
        data, in electronic or printed form, that results in the 
        potential compromise of the confidentiality or integrity of the 
        data.
            ``(2) The term `sensitive personal data' means the name, 
        address, or telephone number of an individual, in combination 
        with any of the following:
                    ``(A) The Social Security number of the individual.
                    ``(B) The date of birth of the individual.
                    ``(C) Any information not available as part of the 
                public record regarding the individual's military 
                service or health.
                    ``(D) Any financial account or other financial 
                information relating to the individual.
                    ``(E) The driver's license number of the 
                individual.
    ``(e) Authorization of Appropriations.--There are authorized to be 
appropriated such sums as may be necessary to carry out this 
section.''.
    (b) Clerical Amendment.--The table of sections at the beginning of 
such chapter is amended by inserting after the item relating to section 
5705 the following new item:

``5706. Security of sensitive personal data.''.
    (c) Deadline for Regulations.--Not later than 90 days after the 
date of the enactment of this Act, the Secretary of Veterans Affairs 
shall publish regulations to carry out section 5706 of title 38, United 
States Code, as added by subsection (a).
                                 <all>